[olug] Routing and IPchains and IPmasquerading

Dave Homan dave_cog at hotmail.com
Thu Sep 6 15:11:25 UTC 2001


Hey guys, I was wondering if anyone could give me a tad bit of advice on 
this.  Basically I got an old i586 I'm setting up as a router/firewall 
between my cable modem and my regular machine.  I'm using ipchains (should I 
be using ipchains with a 2.4 kernel, or should I go for iptables?) to do the 
routing/firewalling.  Well, actually I figured that I would try to do the 
routing part first, then try the firewalling part.  Well, I'm stuck on the 
routing part.

Machine 1: eth0 ---> connected to the cable modem with the 24.x.x.x ip addy, 
works great.  eth1 ---> assigned ip addy of 192.168.0.1 as my gateway for 
the other pc.

Machine 2: eth0 ---> connected to eth1 on the gateway pc.

I hooked them together OK; they can ping each other, and I can SSH into the 
gateway from work, then SSH again into the internal PC, so the connection is 
OK.

My problem is that I can't get the router to masquerade packets from the 
other PC without setting the forward policy to MASQ:
/sbin/ipchains -P forward MASQ
If I do that command, everything works fine, but I don't want to just set 
the forward policy to MASQ and then let it run.  I want to set it up so that 
it will only MASQ stuff from eth1, but when I try this:
/sbin/ipchains -A forward -j MASQ -i eth1 -s 192.168.0.0/24
then it doesn't work.  Any insight on what I'm doing wrong here?  I suppose 
I can just set up the default forward chain to MASQ, but that just doesn't 
sound very secure.  I'd rather set it to DENY and then only MASQ packets 
coming from my regular internal machine.

Clues, hints, anyone?

-dave

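The setup described in the post, as an added example that is not from the post or the list: a preview-capable ipchains script that puts the weak setting (forward policy MASQ for everything) beside the restricted one (policy DENY, MASQ only for the LAN subnet). In the ipchains forward chain, -i matches the interface the packet goes OUT on, so the restricted rule names the cable-modem interface eth0 rather than eth1; the IPCHAINS/IPTABLES variables, the anti-spoofing input rule and the iptables variant for a 2.4 kernel are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the post): ipchains masquerading with a DENY
# forward policy. Interface roles and subnet follow the post: eth0 faces
# the cable modem, eth1 is 192.168.0.1 on the internal LAN. The preview
# variables, the anti-spoofing rule and the iptables variant are assumed.
IPCHAINS="${IPCHAINS:-/sbin/ipchains}"   # set IPCHAINS=echo to preview
IPTABLES="${IPTABLES:-/sbin/iptables}"   # set IPTABLES=echo to preview
EXT_IF=eth0
INT_IF=eth1
LAN=192.168.0.0/24

# The weak setting from the post: every forwarded packet, whatever
# interface it arrived on, is masqueraded.
masq_everything() {
    $IPCHAINS -P forward MASQ
}

# Restricted ruleset: default DENY, then masquerade only LAN traffic
# that is leaving through the cable-modem interface.
masq_lan_only() {
    $IPCHAINS -F forward
    $IPCHAINS -P forward DENY
    # In the ipchains forward chain, -i is the interface the packet goes
    # OUT on, so the match is the external interface, not eth1.
    $IPCHAINS -A forward -i "$EXT_IF" -s "$LAN" -j MASQ
    # Anti-spoofing: a LAN source address must never arrive from the
    # modem side; deny it and log the attempt (-l).
    $IPCHAINS -A input -i "$EXT_IF" -s "$LAN" -j DENY -l
}

# The same policy on a 2.4 kernel using iptables instead of ipchains.
masq_lan_only_iptables() {
    $IPTABLES -P FORWARD DROP
    $IPTABLES -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN" -j ACCEPT
    $IPTABLES -A FORWARD -i "$EXT_IF" -o "$INT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN" -j MASQUERADE
}

# Routing between the two interfaces also has to be switched on.
enable_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

case "${1:-}" in
    apply)   enable_forwarding; masq_lan_only ;;
    preview) IPCHAINS=echo; masq_lan_only ;;
esac
```

Run it as "preview" to see the exact ipchains commands without touching the kernel, and as root with "apply" to install the DENY-by-default ruleset.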

(c)2001 OLUG http://www.olug.org